Electronic transactions over telephone networks or via the Internet are commonplace today. For example, electronic commerce over the Internet often involves an individual providing credit card information to a secure server using, e.g., DTMF (Dual Tone Multi-Frequency) communication, voice dialogs with either a machine, e.g., an IVR system or human operators. A graphical user interface (GUI) on a personal computer (PC) or other optical interfaces (e.g., touch-screens) may also be used to provide confidential information over a telephone or other network connection. Another common example is when a caller is asked to enter his social security number or other personal identification number (e.g., password/PIN, login, etc.) over the telephone or an internet connection.
Unfortunately, these methods potentially allow someone else to secretly acquire this information and use it for their own nefarious purposes. By way of example, providing secure information using speech input renders an IVR application useless when the caller is at a public place where there is a chance of being overheard by an eavesdropper. In addition, pressing DTMF keys to enter secure information such as Social Security or credit card numbers runs the risk of a spy noting down the keys that are pressed, or using a remote camera to record the key press sequence. The spy could then use this information for fraudulent purposes, such as to hack a bank account. Thus, a user may not feel safe to verbalize confidential numbers or to type in the numbers on a phone in a public place.
By way of further background, U.S. Pat. No. 5,794,218 discloses a system and method for allowing telephone-based interactive performance of financial transactions in multiple languages. The system prompts the customer of a financial institution in various languages until the customer's language and home country are identified. The system then connects the customer telephonically with a representative who speaks the customer's language and who can authorize the transaction by accessing the customer's records. U.S. Pat. No. 6,847,715 discloses a system with an IVR unit, wherein an interaction input from a caller is stored and then transmitted to an appropriate agent workstation. An Internet banking service called ING Direct (http://www.ingdirect.com) provides its customers with a “phone like” dial pad image which is sent to a web client. The dial pad image associates a digit to a random set of alphabets. The user then looks at the image and inputs the corresponding alphabet instead of sending the digit itself over the network. This system, however, is only useful on a client computer.